Languages

Nicole KardellAssociate

From federal and state enforcement actions to government contract work, Nicole has spent most of her time as a lawyer representing clients on the opposite side of the table of government regulators and prosecutors. She has worked on matters involving the Federal Trade Commission, Department of Justice, Internal Revenue Service, Offices of Inspector General of several federal agencies, and Attorneys General of numerous states. Nicole also has worked on many matters in which clients have proactively opposed government action – before administrative as well as judicial bodies. When necessary, she has taken policy issues to congressional offices and committees.

Her years at Greenberg Traurig and Dewey & LeBoeuf afforded Nicole the opportunity to work on large investigative and media-rich cases – from the representation of a former inspector general in his unlawful termination suit against the federal government to the representation of a large multinational insurer in an extensive bid-rigging probe by several state attorneys general.

While working with Jeff Ifrah (both at Greenberg Traurig and Ifrah Law), Nicole has enjoyed building on her experience in federal government contracts and federal and state regulatory and investigative matters.

Securing Dismissal of a False Claims Qui Tam Suit

The suit involved a whistleblower that worked for a health care buying company (a group purchasing organization that purchases supplies and drugs). Terminated from the buying group, the employee alleged she was retaliated against because of issues she raised about the buying process.

The case was brought before the U.S. District Court for the Northern District of Texas, and 18 drug companies were named as defendants in an alleged bribery scheme. Jeff represented Merck, which was one of the named defendants. He filed a successful motion to dismiss the complaint, based on the former employee’s alarming lack of specificity in her claim.

Not only was our motion to dismiss successful, it was efficient: Jeff won the dismissal roughly one year after Merck and the other defendants were originally served.

A tried and true military strategy is to cut off your enemy’s supply lines: blow up a bridge and force a retreat. The tactic works in other situations too. It is regularly used by legislators and government agencies to address what they view as problem behavior from a particular industry. Instead of targeting the industry, they go after a major supplier, stakeholder, or intermediary. Want to take down online poker? Go after gaming sites’ payment processors (see Congress’ efforts through the Unlawful Internet Gambling Enforcement Act of 2006). Want to ensure U.S. taxpayers are paying up on their foreign income and assets? Force banks to do the reporting or pay an unconscionable penalty (see Congress’ efforts through the Foreign Account Tax Compliance Act of 2010).

Want to go after online skin betting? Shut off the Valve, so to speak.

The Washington State Gaming Commission is attempting to cut the supply lines in its initiative to crack down on online gambling of Counter-Strike: Global Offensive (CS:GO) skins. So it has put in its sites Valve Corporation, maker of the popular Steam API. Washington regulators have been investigating the company over the past eighteen months to determine whether it enables skin betting through Steam and–more importantly–what it can do to stop it. Regulators’ efforts include recently ordering Valve to stop allowing the transfer of skins via Steam. The company has carefully pushed back.

In a three-page letter dated October 17, 2016, Valve counsel, Liam Lavery, defended the company’s position and operation of Steam. He emphasized that Valve is not itself engaged in gambling or promoting gambling; that the company has discouraged third party sites; and that the company has otherwise cooperated with authorities. Lavery also challenged WSGC’s threats of criminal prosecution, requesting that the commission provide detail on what law–if any–the company is violating.

Lavery’s letter is bolder than it might at first appear. Those familiar with government enforcement actions know that when an agency approaches, it often makes strategic sense to follow the agency’s lead, especially when you are the intermediary, and not the target of the government’s actions. Time and money are generally on the side of government actors, who decide how extensively (or intensively) they want to investigate a company. So companies generally cooperate, let investigators set the standard, and do their best to stay out of the government’s cross-hairs (this is something we’ve described as enforcement creep in our blogs and elsewhere).

Valve’s push-back may make most sense in the context of the game it supports: it’s CS:GO time in real time, and Valve won’t let its players be taken hostage.

When you grant access to a $ 4 billion fund and give fund participants relative autonomy in how they use those funds, ne’er-do-wells will sniff their way to the honey pot. Keeping them out can be a challenge. So goes the story of the federally administered Schools and Libraries Program, better known as E-Rate.

Established by the Telecommunications Act of 1996, E-Rate is a federal subsidy that helps schools and libraries–particularly those in disadvantaged areas–pay for telecommunications services (e.g., Internet access). The program runs a $3.9 billion fund today.

Schools and libraries that want to take advantage of E-Rate simply need to follow the program’s bid and approval process. Participants oversee the bidding process and choose their service provider. While participants are required to choose the most cost effective provider, there isn’t much of a check on whether they actually do: they need only self-certify that they chose the most cost effective bid.

E-Rate participant autonomy has been a problem as the program regularly faces allegations of fraud and abuse. These concerns prompted a GAO study and senate hearings in the early 2000s. Former Rep. Jim Greenwood (R-PA) told the New York Times, “You couldn’t invent a way to throw money down the drain that would work any better than this.” After the GAO reported its findings (2004), U.S. Rep. Joe Barton (R-TX), Chairman of the Committee on Energy and Commerce, said, “Unscrupulous vendors … fleeced the program while underserved communities and telephone customers pay the price.” Over the past decade, there have been a number of investigations and enforcement actions, resulting in civil as well as criminal penalties, including jail time for a few program profiteers.

Adding to the temptation for ne’er-do-wells are the millions of dollars left on the table in E-Rate funds each year. According to EducationDive, some $245 million in funds went unclaimed in 2014. It is almost hard to blame profiteers for seeking out what they perceive as free money, especially when they have so much control over the process.

There may be a lot of good intentions behind E-Rate. But in its current form and function, E-Rate is but one more example of a poorly administered federal funds that attract those able to game the system.

What a difference two words can make. Just ask the Center for Competitive Politics (CCP) or Americans for Prosperity (AFP), two organizations that filed separate lawsuits against the same defendant, California Attorney General Kamala Harris, over the same issue: whether Harris’s office had the right to access the organizations’ donor information. (The cases are Center for Competitive Politics v. Harris and Americans for Prosperity v. Harris.)

The plaintiffs’ arguments in each case were basically the same: the state’s request to access donor information would violate the first and fourteenth amendments of the U.S. Constitution. But there the similarities stopped: the CCP never got to trial, whereas the AFP did—and won! Was the CCP the victim of a miscarriage of justice? Nah. It all came down to two words: “as applied.”

You know the saying “go big or go home?” Well, unfortunately the CCP did both: it tried to get the court to rule that Harris’s probe of donor information would be unconstitutional for all organizations. The AFP took a different approach: it asked the court to call the probe unconstitutional “as applied” to the AFP alone.

Ding!The AFP’s narrower approach enabled the court to provide relief without upsetting Harris’s authority and potentially affecting thousands of other organizations. Courts generally hesitate to invalidate a state’s actions when they can provide individual relief to the plaintiff instead. If the CCP had taken this course, it might have had a flying chance. But now it had the added burden of proving how the state’s actions would adversely affect all organizations subject to the same request.

Meanwhile, the AFP coasted without having to prove any such thing. All it had to show was how the state’s request had already affected the organization and could continue to do so. This was no fun task, though. Several individuals testified that they suffered reprisals, assaults, and even death threats due to their association with the AFP—a strongly conservative organization. Clearly, being publicly linked to the AFP could lead to serious fallout. For her part, Harris tried to argue that the state would keep donor information confidential, but the AFP was able to show how this had failed before, citing over one thousand instances of donor information being improperly disclosed on the AG’s own website!

The AFP showed that the risk of scaring, and therefore discouraging, would-be donors was real. The chilling effect on individuals’ freedom of association would be too steep a price to pay for a nominal benefit to the state.

It was a strong case—unlike the defendant’s. Harris claimed that accessing donor information was in the state’s best interest; reviewing the findings would help uncover potential irregularities tied to fraud, waste, or abuse. Maybe it would—but it doesn’t pass the “exacting scrutiny” test, which requires states to protect their interests by the least restrictive means in situations like this. More importantly, Harris could not produce any evidence or testimony to corroborate her argument that access to donor information was important to state law enforcement. Although several state-employed investigators and attorneys took the stand, none could claim that they needed, or even used, donor information to do their work—and if they did need it, they could generally get it elsewhere. This evidentiary failure undercut Harris’s arguments and called into question the state’s overall scheme.

In the end, it was not a tough decision: with so strong a case by the plaintiff, and so weak one by the state, the court sided plainly with the plaintiff. It could have gone a step further and declared the state’s actions broadly unconstitutional, but instead it judged the state’s actions to be improper as applied to the AFP alone. This was a good idea, because Harris will have a harder time challenging the decision on appeal.

So the AFP trial didn’t set a huge precedent for everyone—but that’s kind of the point. If you’re going to file suit, and there’s a path of least resistance, take it. Those sweeping courtroom victories you see in the movies are rare. In real life, justice takes baby steps.

Data breaches are as common as the common cold—unfortunately, just as incurable. Run a news search on “data breaches” and you’ll find that all kinds of institutions—major retailers, tech companies, universities, even government agencies—have been vulnerable at some point. Now run a search on “data breaches,” but include the word “lawsuit.” You’ll find that many of these cases are going to court, but ultimately getting dismissed. What’s going on?

First, you should look at some of these lawsuits more closely: are they filed against the alleged perpetrators of the data breach? Many of them aren’t; those perpetrators are usually hackers who live outside the country or are unable to pay a money judgment. (In legal parlance, that’s known as being judgment proof.) Faced by those limitations, individual victims of data breaches frequently settle for the next best thing: going after the institutions that endured the breach.

Often, this isn’t fair—the institutions are victims too. The point here is that although going after the institutions looks like an easy win from “deep pockets,” that seldom turns out to be the case.

Plaintiffs in data breach cases, which are usually class actions, need to demonstrate liability on the part of the institution. Much of the time, they rest their case on either negligence or breach of contract claims. Both legal theories require the plaintiff to show the same things: 1) that the defendant had a clear duty to protect the plaintiff’s data, 2) that the defendant breached that duty, and 3) that the plaintiff sustained injury as a result. (For breach of contract, plaintiffs must point to a concrete or sufficiently implicit contract that binds the institution to the stated responsibilities; often this is the institution’s privacy policy.) Plaintiffs typically argue that the institution had an obligation to take precautionary measures against data breachesbut failed, and therefore caused injury to the plaintiffs.

It’s with the third and final point—demonstrating injury—that plaintiffs have the most trouble. Why? Because courts view injury in fiscal terms; you need to show that you actually lost something, not simply that you might. So even if you were the victim of a data breach, as long your data hasn’t yet been compromised, it doesn’t really count as injury.

There have been exceptions, when the court greenlit cases based mainly on speculative injury, but these usually ended in a settlement before a legal precedent could be set. (See cases against Home Depot, Target, Adobe, and Sony.) For the most part, the fiscal view of injury has prevailed—reinforced in 2013, when the Supreme Court, weighing in on Clapper vs Amnesty Int’l, determined that a plaintiff cannot proceed with a data breach lawsuit unless he or she can demonstrate actual injury or at least imminent threat of injury, each one measurable in economic loss. Otherwise, mere perception of injury is too tenuous to establish legal standing, which a case requires to go forward, and the lawsuit will probably get tossed.

The challenge of establishing legal standing recently made its way to the Supreme Court in Spokeo v. Robins. In that case, a plaintiff filed suit against the “people search engine” Spokeo for publishing false information about him. The issue before the Court was this central question of how much injury must be shown for a case to go forward. Prospective plaintiffs were optimistic that the high court would affirm a lower court’s decision that speculative injury was indeed enough. Alas, the Supreme Court sidestepped the issue and punted it back to the lower court for further review. The Court nonetheless reinforced the general tenets that, for a plaintiff to have standing to bring a case, he must allege an “injury in fact” that is both “concrete and particularized.” There is still room for the lower court to broaden the approach to what constitutes an injury, but the Supreme Court’s ruling keeps the status quo in place.

For now, individuals whose data has been compromised generally must be satisfied with what the institutions offer them after a breach occurs: free credit checks and/or access to credit monitors. Do checks and monitoring seem inadequate? Notif you think about what type of harm people face after a data breach. Individuals can detect and report problems in the event someone actually misuses their data. If they keep on top of it, their credit scores will not be impacted. Moreover, credit card companies and other financial institutions will bear the cost of any unapproved charges. In the event of further problems, plaintiffs can then take their injury to the legal system and have their day in court. But at this point, the courts are right to keep this type of class action litigation at bay.

Public schools and libraries in the U.S. can save a lot of money on Internet service by applying for the Schools and Libraries Program, a federal subsidy better known as E-Rate.

E-Rate funding, capped yearly at $3.9 billion, helps eligible institutions cover costs of Internet service. Participants can save anywhere from twenty to ninety percent of their Internet expenses—the precise amount being dictated by the economic standing of both the participating institution and the school district where it is located.

E-Rate and three other programs are part of the Universal Service Fund (USF), a system of subsidies born out of the Telecommunications Act of 1996 as a way to ensure affordable telecom rates across the country. Although the Federal Communications Commission (FCC) oversees the USF, the fund is managed by a nonprofit corporation called the Universal Service Administrative Company (USAC).

Detailed information on how to apply for E-Rate can be found in the Schools and Libraries Program overview. Basically it works as a bidding process. An applicant fills out FCC Form 470, requesting specific services, and submits it to the USAC. The USAC then issues an RFP for telecom providers who want to bid for the requested services. After 28 days, the applicant can study the bids. When it selects one, it requests E-Rate funding by filing FCC Form 471 within a deadline set by the FCC (for FY2016 it is May 26).

The discount rate is generally determined by the size of the population, in the applicant’s school district, that qualifies for the National School Lunch Program. The applicant must also file Form 486, listing services for which funds are requested and ensuring compliance with the Children’s Internet Protection Act.

There are limits to what E-Rate can cover. The applicant is solely responsible for end-user equipment, like hardware and software, and also for any non-discounted portions of Internet services.

While it is a great opportunity to save money, E-Rate isn’t a free-for-all. To discourage abuse and misuse of the program, the FCC requires applicants to comply with a series of rules, notably:

Compliance with state and local law. It’s not enough to follow the FCC standards only.

Applicants cannot seek discounts for services not requested. In other words, services listed on Form 471 must match (or not exceed) services requested on Form 470.

Fair, competitive bidding. Applicants are responsible for ensuring an open, fair, and competitive bidding process to select the most cost-effective provider.

Document retention. Applicants must save all competing bids for services to demonstrate they selected the most cost-effective bid, with price being the primary consideration. Records should be kept for at least ten years after the last date of service delivered.

CIPA compliance. Applicants must confirm compliance with the Children’s Internet Protection Act, which requires schools and libraries that receive federal funding to employ Internet filters that protect children from harmful content.

In spite of these rules, the wealth of funds in the E-Rate program can attract abuse. In response, the FCC created the USF Strike Force in 2014 and tasked it with combatting waste, fraud, and abuse of the USF programs. Federal agents have shown that they are serious about investigating alleged abuses. One widely publicized case in Ramapo, NY, recently led to several raids. We will look at that case and others like it in upcoming posts.

Information on www.ifrahlaw.com is for general use and is not intended as legal advice. Sending an e-mail through this Web site, and receipt of same, does not constitute an attorney-client relationship. Information sent via e-mail is not considered confidential or privileged unless we have agreed to represent you. By sending this e-mail, you confirm that you have read, understand and agree to this notice.